ASAN mode hangs on arm64 macOS #58503

Closed
xiejw opened this issue Oct 20, 2022 · 23 comments
@xiejw

xiejw commented Oct 20, 2022

I sync to head and recompile LLVM every week.

Roughly, I have noticed this problem since last week on the master branch. I tried to sync to head today and recompile, and hit the same issue.

clang version 16.0.0 (https://github.com/llvm/llvm-project.git b1e5e81efda4c020a990dc749ef8bfb8bd4b763c)
Target: arm64-apple-darwin21.6.0
Thread model: posix

Repro is quite easy

  1. main.c
#include <stdio.h>

int main() {
        printf("Hello");
        return 0;
}
  2. compile and run
clang -lm -std=c11   -fsanitize=address  -g  main.c
# hang
ASAN_OPTIONS=detect_leaks=1 ./a.out
  3. If run without ASan, no issue
clang -lm -std=c11   -fsanitize=address  -g  main.c
# ok
./a.out
@vitalybuka
Collaborator

Maybe related google/sanitizers#1331 google/sanitizers#703 google/sanitizers#379

On my Ubuntu ARM it does not hang, just slow:

ASAN_OPTIONS=detect_leaks=0 time ./a.out
Hello
0.00user 0.00system 0:00.00elapsed 100%CPU (0avgtext+0avgdata 6604maxresident)k
0inputs+0outputs (0major+1152minor)pagefaults 0swaps

ASAN_OPTIONS=detect_leaks=1 time ./a.out
Hello
2.54user 0.02system 0:02.56elapsed 99%CPU (0avgtext+0avgdata 7276maxresident)k
0inputs+0outputs (0major+4708minor)pagefaults 0swaps

FYI @kstoimenov

@xiejw
Author

xiejw commented Oct 21, 2022

Thanks @vitalybuka for looking into this. I am not familiar with the issues linked, which are all quite old (?).

Two follow up comments:

  • On my macOS ARM (M1), it is not just slow, it likely hangs (I have to type ctrl-c after 1 min or 2).
  • Also, this issue surfaced in recent weeks (so git commit info is attached later), not months/years.

RE slow vs hang (ctrl+c for second test)

$ time ASAN_OPTIONS=detect_leaks=0 time ./a.out
Hello        0.89 real         0.03 user         0.09 sys

real	0m1.052s
user	0m0.035s
sys	0m0.106s

$ time ASAN_OPTIONS=detect_leaks=1 time ./a.out
Hello^Ctime: command terminated abnormally
      116.56 real         9.01 user       107.34 sys


real	1m56.575s
user	0m9.014s
sys	1m47.348s

RE commits

# bad commit
$ clang --version
clang version 16.0.0 (https://github.com/llvm/llvm-project.git b1e5e81efda4c020a990dc749ef8bfb8bd4b763c)
Target: arm64-apple-darwin21.6.0
Thread model: posix

# good commit (about 22 days ago)
clang --version
clang version 16.0.0 (https://github.com/llvm/llvm-project.git 04a5ca862bb989acdd2729d0991b4e5a104bf244)
Target: arm64-apple-darwin21.6.0
Thread model: posix

@xiejw
Author

xiejw commented Oct 29, 2022

Just curious: anything I can help with? I rebuilt HEAD (from last Thursday) and still face the same issue. Thanks!

@xiejw
Author

xiejw commented Oct 30, 2022

I did bisect by compiling all commits from scratch (clean state for all commits) and identified 39db491957dcf095936d81bed89c2b4edae2a1e7 is the root cause for the problem I faced.

Full list

oct 13 bad  9c26f51f5e178ac0fda98419e3a61d205d3b58b1 
oct 13 bad  e851f7dbcad2b8077f7ac0fb54ec85eac6f7c0b2
oct 12 bad  39db491957dcf095936d81bed89c2b4edae2a1e7
oct 12 good 24989646a5216cc6f8c6d336a17e7cb2f5c60454 (parent of 39db491957dcf095936d81bed89c2b4edae2a1e7)
oct 11 good bfe5e81826f4d98eeaa2dac08aa67bd0d7a95514
oct 07 good 9e80add2cfa9bb03bbe77cca9adec18137204538 

This is the best I can help so far. @happyCoder92 and @vitalybuka Can you help? Thanks
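
A regression that shows up as a hang, like the one bisected above, needs a deadline if the bisect is automated with `git bisect run`, otherwise the first bad commit stalls the whole run. The following is an added example, not part of the issue thread or of LLVM's tooling; `BUILD_CMD`, the script name, the function names and the 30-second deadline are assumptions.

```shell
#!/bin/sh
# Added example: hang-aware test step for `git bisect run`.
# Usage (script name is hypothetical; keep main.c outside the checkout or use
# an absolute path, and make sure the freshly built clang is first in PATH):
#   git bisect start b1e5e81efda4c020a990dc749ef8bfb8bd4b763c \
#                    04a5ca862bb989acdd2729d0991b4e5a104bf244
#   BUILD_CMD='<your rebuild command>' git bisect run sh bisect-hang.sh --bisect-step

# run_with_deadline SECONDS CMD...
# Runs CMD with its output discarded. Returns CMD's exit status, or 124 if
# CMD was still running when the deadline expired and had to be killed.
run_with_deadline() {
    deadline=$1; shift
    flag=$(mktemp) || return 125
    "$@" >/dev/null 2>&1 &
    cmd_pid=$!
    # Watchdog: record the expiry first, then kill the command.
    ( sleep "$deadline"; echo expired >"$flag"; kill -KILL "$cmd_pid" ) \
        >/dev/null 2>&1 &
    dog_pid=$!
    status=0
    wait "$cmd_pid" || status=$?
    # Stop the watchdog so it can never signal a recycled PID later on.
    kill "$dog_pid" 2>/dev/null || true
    wait "$dog_pid" 2>/dev/null || true
    if [ -s "$flag" ]; then status=124; fi
    rm -f "$flag"
    return "$status"
}

# bisect_verdict SECONDS CMD...
# Maps the outcome to the exit codes `git bisect run` understands:
#   0   good: finished in time with exit status 0
#   1   bad:  the deadline expired (the hang being bisected)
#   125 skip: failed for another reason, so this commit says nothing
bisect_verdict() {
    rc=0
    run_with_deadline "$@" || rc=$?
    case $rc in
        0)   return 0 ;;
        124) return 1 ;;
        *)   return 125 ;;
    esac
}

# One bisect step. BUILD_CMD is a placeholder for the site-specific rebuild
# of clang and compiler-rt; a failed build or compile skips the commit.
if [ "${1:-}" = "--bisect-step" ]; then
    sh -c "${BUILD_CMD:?set BUILD_CMD to your rebuild command}" || exit 125
    clang -lm -std=c11 -fsanitize=address -g main.c || exit 125
    export ASAN_OPTIONS=detect_leaks=1
    bisect_verdict 30 ./a.out
    exit $?
fi
```

Treating any non-hang failure as "skip" keeps the bisect focused on the hang; a commit that breaks the build for unrelated reasons is then stepped over instead of being blamed.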

@vitalybuka
Collaborator

Thank you. With this info, issues mentioned above are likely irrelevant.

Could you please try to:
Insert Printf() around:
param.caller_tid = GetTid();
I suspect this is the most likely hang location

Also can you print, just in case, sp and callers_sp just before:
sp = caller_sp;

@xiejw
Author

xiejw commented Oct 31, 2022

Certainly, this is the diff based on commit 39db491 (not HEAD). Please see the output attached after that. I did not see the output related to the sp and caller_sp.

diff --git a/compiler-rt/lib/lsan/lsan_common.cpp b/compiler-rt/lib/lsan/lsan_common.cpp
index 51218770d6dc..781602e925c8 100644
--- a/compiler-rt/lib/lsan/lsan_common.cpp
+++ b/compiler-rt/lib/lsan/lsan_common.cpp
@@ -420,6 +420,7 @@ static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
       sp = stack_begin;
     }
     if (suspended_threads.GetThreadID(i) == caller_tid) {
+      Printf("==> debugging sp and caller_sp %ld %ld\n", sp, caller_sp);
       sp = caller_sp;
     }
 
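
Review bot: The probe on the `+      Printf("==> debugging sp and caller_sp ...")` line sits inside the `if (suspended_threads.GetThreadID(i) == caller_tid)` branch, so when nothing is printed it cannot tell "branch not taken" apart from "never got this far". Move it above the `if` so it fires for every thread. Also, `%ld` prints these stack addresses as signed decimals; a pointer-style format such as `%p` with a `(void *)` cast is easier to read and avoids the signedness mismatch.
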
@@ -752,7 +753,9 @@ static bool CheckForLeaks() {
     // Old frame with dead pointers might be overlapped by new frame inside
     // CheckForLeaks which does not use bytes with pointers before the
     // threads are suspended and stack pointers captured.
+    Printf("==> i am here 123\n");
     param.caller_tid = GetTid();
+    Printf("==> i am here 456\n");
     param.caller_sp = reinterpret_cast<uptr>(__builtin_frame_address(0));
     LockStuffAndStopTheWorld(CheckForLeaksCallback, &param);
     if (!param.success) {
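
Review bot: Both markers land before `LockStuffAndStopTheWorld(CheckForLeaksCallback, &param);`, so the output shows only that `GetTid()` returns and says nothing about whether the stop-the-world call itself comes back. Add a marker directly after that call, and one in the `if (!param.success)` path, so a hang inside the callback can be told apart from one after it.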

This is the output

$ ASAN_OPTIONS=detect_leaks=1 ./a.out
Hello==> i am here 123
==> i am here 456
^C

@vitalybuka
Collaborator

Is there any difference with: -ptrace

@xiejw
Author

xiejw commented Nov 1, 2022

not familiar with this flag, how to pass it?

$ clang -lm -std=c11   -fsanitize=address  -g -ptrace  main.c
clang-16: error: unknown argument: '-ptrace'

@vitalybuka
Collaborator

Sorry for typo, I meant to write -pthread

@happyCoder92
Contributor

Can you make sure it gets past
param.caller_sp = reinterpret_cast<uptr>(__builtin_frame_address(0))
and also if it even gets into ProcessThreads.

@xiejw
Author

xiejw commented Nov 1, 2022

@vitalybuka pthread does not help. I think macOS does not actually need this (based on my experience).
@happyCoder92 added, please see Experiment 1. I noticed ProcessThreads is entered but never left.

In Experiment 2 (with more printf inserted), it seems to hang at

suspended_threads.GetThreadID(i) == caller_tid

Experiment 1

diff --git a/compiler-rt/lib/lsan/lsan_common.cpp b/compiler-rt/lib/lsan/lsan_common.cpp
index 51218770d6dc..652b3fe3e9a2 100644
--- a/compiler-rt/lib/lsan/lsan_common.cpp
+++ b/compiler-rt/lib/lsan/lsan_common.cpp
@@ -393,6 +393,7 @@ static void ProcessThreadRegistry(Frontier *frontier) {
 static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
                            Frontier *frontier, tid_t caller_tid,
                            uptr caller_sp) {
+  Printf("==> i am here ProcessThreads BEFORE\n");
   InternalMmapVector<uptr> registers;
   for (uptr i = 0; i < suspended_threads.ThreadCount(); i++) {
     tid_t os_id = static_cast<tid_t>(suspended_threads.GetThreadID(i));
@@ -420,6 +421,7 @@ static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
       sp = stack_begin;
     }
     if (suspended_threads.GetThreadID(i) == caller_tid) {
+      Printf("==> debugging sp and caller_sp %ld %ld\n", sp, caller_sp);
       sp = caller_sp;
     }
 
@@ -510,6 +512,7 @@ static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
 
   // Add pointers reachable from ThreadContexts
   ProcessThreadRegistry(frontier);
+  Printf("==> i am here ProcessThreads END\n");
 }
 
 #  endif  // SANITIZER_FUCHSIA
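
Review bot: The `ProcessThreads END` marker comes after `ProcessThreadRegistry(frontier);`, so a missing END does not say whether the per-thread loop or `ProcessThreadRegistry` is where execution stops. Put a second marker just before the `// Add pointers reachable from ThreadContexts` comment to separate the two.
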
@@ -752,8 +755,15 @@ static bool CheckForLeaks() {
     // Old frame with dead pointers might be overlapped by new frame inside
     // CheckForLeaks which does not use bytes with pointers before the
     // threads are suspended and stack pointers captured.
+
+    Printf("==> i am here caller_tid = GetTid() BEFORE\n");
     param.caller_tid = GetTid();
+    Printf("==> i am here caller_tid = GetTid() END\n");
+
+    Printf("==> i am here caller_sp = __builtin_frame_address BEFORE\n");
     param.caller_sp = reinterpret_cast<uptr>(__builtin_frame_address(0));
+    Printf("==> i am here caller_sp = __builtin_frame_address END\n");
+
     LockStuffAndStopTheWorld(CheckForLeaksCallback, &param);
     if (!param.success) {
       Report("LeakSanitizer has encountered a fatal error.\n");
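
Review bot: The BEFORE/END pair around `param.caller_sp = reinterpret_cast<uptr>(__builtin_frame_address(0));` cannot catch a hang, because that statement is a compiler builtin plus a cast with no call to block in. Drop that pair, along with the three added blank `+` lines, and keep the instrumentation on the real calls in this block.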

Output

$ASAN_OPTIONS=detect_leaks=1 ./a.out -ptrace
Hello==> i am here caller_tid = GetTid() BEFORE
==> i am here caller_tid = GetTid() END
==> i am here caller_sp = __builtin_frame_address BEFORE
==> i am here caller_sp = __builtin_frame_address END
==> i am here ProcessThreads BEFORE
^C

Experiment 2

With more clues available (I wish I could debug more to help, but I am new to the codebase, sorry), I then added more printf to the code inside ProcessThreads.

@@ -393,8 +393,10 @@ static void ProcessThreadRegistry(Frontier *frontier) {
 static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
                            Frontier *frontier, tid_t caller_tid,
                            uptr caller_sp) {
+  Printf("==> i am here ProcessThreads BEFORE\n");
   InternalMmapVector<uptr> registers;
   for (uptr i = 0; i < suspended_threads.ThreadCount(); i++) {
+    Printf("==> i am here ProcessThreads Milestone 0\n");
     tid_t os_id = static_cast<tid_t>(suspended_threads.GetThreadID(i));
     LOG_THREADS("Processing thread %llu.\n", os_id);
     uptr stack_begin, stack_end, tls_begin, tls_end, cache_begin, cache_end;
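
Review bot: `Milestone 0` at the top of the `for` loop prints the same text on every iteration, so with more than one suspended thread the log cannot be matched to a thread. Include the loop index `i` in the message, or move the marker below the `os_id` assignment and print that value the way the existing `LOG_THREADS("Processing thread %llu.\n", os_id);` does.
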
@@ -408,9 +410,13 @@ static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
       LOG_THREADS("Thread %llu not found in registry.\n", os_id);
       continue;
     }
+    Printf("==> i am here ProcessThreads Milestone 1\n");
+
     uptr sp;
+    Printf("==> i am here ProcessThreads Milestone 1a\n");
     PtraceRegistersStatus have_registers =
         suspended_threads.GetRegistersAndSP(i, &registers, &sp);
+    Printf("==> i am here ProcessThreads Milestone 1b\n");
     if (have_registers != REGISTERS_AVAILABLE) {
       Report("Unable to get registers from thread %llu.\n", os_id);
       // If unable to get SP, consider the entire stack to be reachable unless
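
Review bot: `Milestone 1a` and `1b` show only that `suspended_threads.GetRegistersAndSP(i, &registers, &sp)` returns, not what it wrote through its out-parameters. Print `have_registers` and `sp` at `1b`, since the code that follows branches on `have_registers` and goes on to use `sp`.
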
@@ -419,10 +425,13 @@ static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
         continue;
       sp = stack_begin;
     }
+    Printf("==> i am here ProcessThreads Milestone 1c\n");
     if (suspended_threads.GetThreadID(i) == caller_tid) {
+      Printf("==> debugging sp and caller_sp %ld %ld\n", sp, caller_sp);
       sp = caller_sp;
     }
 
+    Printf("==> i am here ProcessThreads Milestone 2\n");
     if (flags()->use_registers && have_registers) {
       uptr registers_begin = reinterpret_cast<uptr>(registers.data());
       uptr registers_end =
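
Review bot: Between `Milestone 1c` and `Milestone 2` there are two things, the `suspended_threads.GetThreadID(i) == caller_tid` comparison and the `Printf` inside that branch, so a log that stops at `1c` does not isolate the comparison. Replace the inner `Printf` with a checkpoint that does not go through the logging path, so the marker itself is ruled out as the place where execution stops.
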
@@ -457,6 +466,7 @@ static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
       ForEachExtraStackRange(os_id, ForEachExtraStackRangeCb, frontier);
     }
 
+    Printf("==> i am here ProcessThreads Milestone 3\n");
     if (flags()->use_tls) {
       if (tls_begin) {
         LOG_THREADS("TLS at %p-%p.\n", (void *)tls_begin, (void *)tls_end);
@@ -506,10 +516,12 @@ static void ProcessThreads(SuspendedThreadsList const &suspended_threads,
       }
 #    endif
     }
+    Printf("==> i am here ProcessThreads Milestone 4\n");
   }
 
   // Add pointers reachable from ThreadContexts
   ProcessThreadRegistry(frontier);
+  Printf("==> i am here ProcessThreads END\n");
 }

Output

rm -rf a.out* && time clang -lm -std=c11   -fsanitize=address  -g -pthread  main.c && ASAN_OPTIONS=detect_leaks=1 ./a.out -ptrace

real	0m0.132s
user	0m0.052s
sys	0m0.034s
Hello==> i am here caller_tid = GetTid() BEFORE
==> i am here caller_tid = GetTid() END
==> i am here caller_sp = __builtin_frame_address BEFORE
==> i am here caller_sp = __builtin_frame_address END
==> i am here ProcessThreads BEFORE
==> i am here ProcessThreads Milestone 0
==> i am here ProcessThreads Milestone 1
==> i am here ProcessThreads Milestone 1a
==> i am here ProcessThreads Milestone 1b
==> i am here ProcessThreads Milestone 1c

@vitalybuka
Collaborator

We need to be careful after LockStuffAndStopTheWorld: Printf may deadlock and confuse things.
To be sure, you may try to use Die() to confirm checkpoints.

@xiejw
Author

xiejw commented Nov 1, 2022

Thanks for the heads up. Do you have an example how to use Die? I can change the code and try again.

@vitalybuka
Collaborator

@yln @kubamracek @danliew-apple Do you know someone who can take a look why apparently benign 39db491 breaks LSAN on OSX?

@vitalybuka
Collaborator

> Thanks for the heads up. Do you have an example how to use Die? I can change the code and try again.

From the log above "Milestone 2" is not reached at all.
I propose to remove printfs and put Die() instead of "Milestone 2" and see if it crashes instead of hang.

@xiejw
Author

xiejw commented Nov 1, 2022

Got it @vitalybuka

I removed the majority of the Printf calls and narrowed it down to this one

@@ -628,6 +640,7 @@ static void ClassifyAllChunks(SuspendedThreadsList const &suspended_threads,
   ProcessRootRegions(frontier);
   FloodFillTag(frontier, kReachable);
 
+
   // The check here is relatively expensive, so we do this in a separate flood
   // fill. That way we can skip the check for chunks that are reachable
   // otherwise.
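
Review bot: The only change in this `ClassifyAllChunks` hunk is a blank line added after `FloodFillTag(frontier, kReachable);`, which looks like a leftover from removed instrumentation. Drop the hunk so the diff contains only the `Die()` experiment.
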
@@ -773,7 +786,10 @@ static bool CheckForLeaks() {
     param.caller_sp = reinterpret_cast<uptr>(__builtin_frame_address(0));
     Printf("==> i am here caller_sp = __builtin_frame_address END\n");
 
+    // Die(); this will crash
     LockStuffAndStopTheWorld(CheckForLeaksCallback, &param);
+    Die(); // this will not crash but hange
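
Review bot: The two `Die()` lines record observations in code comments (`// Die(); this will crash` and `// this will not crash but hange`), and the second has a typo (`hange`). Keep one active `Die()` per run and report the result in the accompanying text; since the `Die()` placed after `LockStuffAndStopTheWorld(CheckForLeaksCallback, &param);` is never reached, the next placement to try is inside the callback.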

@kubamracek
Member

kubamracek commented Nov 2, 2022

Could I ask for the output of "sample <pid>" on the hung process? That should reveal what's going on.

@xiejw
Author

xiejw commented Nov 2, 2022

Thanks @kubamracek

Here is the output of the hung process

$ sample 41328
Sampling process 41328 for 10 seconds with 1 millisecond of run time between samples
Sampling completed, processing symbols...
Sample analysis of process 41328 written to file /tmp/a.out_2022-11-02_091912_AEo3.sample.txt

Analysis of sampling a.out (pid 41328) every 1 millisecond
Process:         a.out [41328]
Path:            /Users/USER/a.out
Load Address:    0x102b78000
Identifier:      a.out
Version:         0
Code Type:       ARM64
Platform:        macOS
Parent Process:  bash [75912]

Date/Time:       2022-11-02 09:19:12.204 -0700
Launch Time:     2022-11-02 09:18:56.343 -0700
OS Version:      macOS 12.6 (21G115)
Report Version:  7
Analysis Tool:   /usr/bin/sample

Physical footprint:         51.9M
Physical footprint (peak):  51.9M
----

Call graph:
    8676 Thread_955462   DispatchQueue_1: com.apple.main-thread  (serial)
    + 8676 start  (in dyld) + 596  [0x102b990d8]
    +   8676 dyld4::LibSystemHelpers::exit(int) const  (in libdyld.dylib) + 20  [0x1b54c4ec4]
    +     8676 exit  (in libsystem_c.dylib) + 44  [0x1b53a3b74]
    +       8676 __cxa_finalize_ranges  (in libsystem_c.dylib) + 480  [0x1b53a3de0]
    +         8676 __lsan::DoLeakCheck()  (in libclang_rt.asan_osx_dynamic.dylib) + 524  [0x10310e5b4]  lsan_common.cpp:835
    +           8676 __lsan::LockStuffAndStopTheWorld(void (*)(__sanitizer::SuspendedThreadsList const&, void*), __lsan::CheckForLeaksParam*)  (in libclang_rt.asan_osx_dynamic.dylib) + 40  [0x103111e70]  lsan_common_mac.cpp:233
    +             8676 __sanitizer::StopTheWorld(void (*)(__sanitizer::SuspendedThreadsList const&, void*), void*)  (in libclang_rt.asan_osx_dynamic.dylib) + 36  [0x1030fcb80]  sanitizer_stoptheworld_mac.cpp:85
    +               8676 _pthread_join  (in libsystem_pthread.dylib) + 444  [0x1b54ba5a0]
    +                 8676 __ulock_wait  (in libsystem_kernel.dylib) + 8  [0x1b547c834]
    8676 Thread_955479
      8676 thread_start  (in libsystem_pthread.dylib) + 8  [0x1b54b308c]
        8676 _pthread_start  (in libsystem_pthread.dylib) + 148  [0x1b54b826c]
          8676 __sanitizer::RunThread(void*)  (in libclang_rt.asan_osx_dynamic.dylib) + 296  [0x1030fca04]  sanitizer_stoptheworld_mac.cpp:73
            8676 __lsan::CheckForLeaksCallback(__sanitizer::SuspendedThreadsList const&, void*)  (in libclang_rt.asan_osx_dynamic.dylib) + 880  [0x10311030c]  lsan_common.cpp:736
              8676 __lsan::CheckForLeaksCallback(__sanitizer::SuspendedThreadsList const&, void*)  (in libclang_rt.asan_osx_dynamic.dylib) + 928  [0x10311033c]  lsan_common.cpp:736

Total number in stack (recursive counted multiple, when >=5):

Sort by top of stack, same collapsed (when >= 5):
        __lsan::CheckForLeaksCallback(__sanitizer::SuspendedThreadsList const&, void*)  (in libclang_rt.asan_osx_dynamic.dylib)        8676
        __ulock_wait  (in libsystem_kernel.dylib)        8676


@kubamracek
Member

Turns out SuspendedThreadsListMac::GetRegistersAndSP was accidentally overwriting other stack variables, and somehow that bug didn't trip on anything serious until Vitaly's recent change. https://reviews.llvm.org/D137292.

@vitalybuka
Collaborator

Thanks for the quick fix!

@xiejw
Author

xiejw commented Nov 2, 2022

Thanks!

@xiejw
Author

xiejw commented Nov 10, 2022

@kubamracek just curious: has your fix been merged? If not, any ETA? Thanks

@kubamracek
Member

Just merged.
